.github/workflows/deploy.yml

name: Deploy

on:
  push:
    branches:
      - "*"
      - "dependabot/**"
      - "!skipci*"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}

permissions:
  id-token: write
  contents: read
  actions: read

jobs:
  unit-tests:
    name: Unit Tests
    uses: ./.github/workflows/unittest-workflow.yml
    if: github.ref == 'refs/heads/master'
    secrets:
      CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
  deploy:
    runs-on: ubuntu-latest
    env:
      SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
    steps:
      - name: set branch_name # Some integrations (Dependabot & Snyk) build very long branch names. This is a switch to make long branch names shorter.
        run: |
          echo "GITHUB_REF=${GITHUB_REF}"        
          if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then
            echo "branch_name=`echo ${GITHUB_REF##*/*-} | md5sum | head -c 10 | sed 's/^/x/'`" >> $GITHUB_ENV
          elif [[ "$GITHUB_REF" =~ ^refs/.*/snyk-* ]]; then
            echo "branch_name=`echo ${GITHUB_REF##*/*-} | head -c 10 | sed 's/^/s/'`" >> $GITHUB_ENV
          else
            echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
          fi
      - uses: actions/checkout@v3
      - name: Validate branch name
        run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
      - name: set branch specific variable names
        run: ./.github/build_vars.sh set_names
      - name: set variable values
        run: ./.github/build_vars.sh set_values
        env:
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - uses: actions/setup-node@v3
        with:
          node-version-file: ".nvmrc"
      - uses: actions/cache@v3
        with:
          path: "**/node_modules"
          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }}
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
      - name: deploy
        run: |
          # When deploying multiple copies of this quickstart to the same AWS Account (not ideal), a prefix helps prevent stepping on each other.
          # This can optionally be set as an GitHub Actions Secret
          ./deploy.sh $STAGE_PREFIX$branch_name
      - name: Endpoint
        id: endpoint
        run: |
          APPLICATION_ENDPOINT=$(./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name)
          echo "application_endpoint=$APPLICATION_ENDPOINT" >> $GITHUB_OUTPUT
          echo "## Application Endpoint" >> $GITHUB_STEP_SUMMARY
          echo "<$APPLICATION_ENDPOINT>" >> $GITHUB_STEP_SUMMARY
        working-directory: services
    outputs:
      application_endpoint: ${{ steps.endpoint.outputs.application_endpoint}}
  # run e2e tests after deploy completes
  e2e-tests-init:
    name: Initialize End To End Tests
    if: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/val' && github.ref != 'refs/heads/prod' }}
    needs:
      - deploy
    runs-on: ubuntu-latest
    steps:
      - name: Verify Endpoint
        if: ${{ needs.deploy.outputs.application_endpoint == ''}}
        run: |
          echo "No endpoint set, Check if the deploy workflow was successful."
          exit 1
      - uses: actions/checkout@v3
      - name: set branch_name
        run: |
          if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then # Dependabot builds very long branch names.  This is a switch to make it shorter.
            echo "branch_name=`echo ${GITHUB_REF#refs/heads/} | md5sum | head -c 10 | sed 's/^/x/'`" >> $GITHUB_ENV
          else
            echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
          fi
      - name: set branch specific variable names
        run: ./.github/build_vars.sh set_names
      - name: set variable values
        run: ./.github/build_vars.sh set_values
        env:
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
      - uses: actions/setup-node@v3
        with:
          node-version-file: ".nvmrc"
      - name: Combine yarn.lock files to single file
        run: find services -maxdepth 3 -name yarn.lock | xargs cat yarn.lock > combined-yarn.txt
      - name: cache service dependencies
        uses: actions/cache@v3
        with:
          path: |
            services/app-api/node_modules
            services/uploads/node_modules
            services/stream-functions/node_modules
            services/ui/node_modules
            services/ui-auth/node_modules
            services/ui-src/node_modules
            node_modules
          key: ${{ runner.os }}-${{ hashFiles('combined-yarn.txt') }}
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - name: Install dependencies
        run: yarn install --frozen-lockfile
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
    outputs:
      application_endpoint: ${{ needs.deploy.outputs.application_endpoint }}

  setup-tests:
    name: "Setup End To End Tests"
    uses: ./.github/workflows/cypress-workflow.yml
    needs: e2e-tests-init
    with:
      test-path: "init"
      test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}"
    secrets:
      slack-url: ${{ secrets.SLACK_WEBHOOK_URL }}
      cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }}
      cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }}
      cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }}
      cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }}
      cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }}

  child-e2e-measure-tests:
    name: "Child End To End Tests"
    uses: ./.github/workflows/cypress-workflow.yml
    needs:
      - e2e-tests-init
      - setup-tests
    with:
      test-path: "measures/child"
      test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}"
    secrets:
      slack-url: ${{ secrets.SLACK_WEBHOOK_URL }}
      cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }}
      cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }}
      cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }}
      cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }}
      cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }}

  adult-e2e-measure-tests:
    name: "Adult End To End Tests"
    uses: ./.github/workflows/cypress-workflow.yml
    needs:
      - e2e-tests-init
      - setup-tests
    with:
      test-path: "measures/adult"
      test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}"
    secrets:
      slack-url: ${{ secrets.SLACK_WEBHOOK_URL }}
      cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }}
      cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }}
      cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }}
      cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }}
      cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }}

  health-home-e2e-measure-tests:
    name: "Health Home End To End Measure Tests"
    uses: ./.github/workflows/cypress-workflow.yml
    needs:
      - e2e-tests-init
      - setup-tests
    with:
      test-path: "measures/healthhome"
      test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}"
    secrets:
      slack-url: ${{ secrets.SLACK_WEBHOOK_URL }}
      cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }}
      cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }}
      cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }}
      cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }}
      cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }}

  e2e-feature-tests:
    name: End To End Feature Tests
    uses: ./.github/workflows/cypress-workflow.yml
    needs:
      - e2e-tests-init
      - setup-tests
    with:
      test-path: "features"
      test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}"
    secrets:
      slack-url: ${{ secrets.SLACK_WEBHOOK_URL }}
      cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }}
      cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }}
      cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }}
      cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }}
      cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }}

  a11y-tests:
    name: Accessibility Tests
    needs:
      - e2e-tests-init
      - e2e-feature-tests
      - child-e2e-measure-tests
      - adult-e2e-measure-tests
      - health-home-e2e-measure-tests
    uses: ./.github/workflows/cypress-workflow.yml
    with:
      test-path: "a11y"
      test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}"
    secrets:
      slack-url: ${{ secrets.SLACK_WEBHOOK_URL }}
      cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }}
      cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }}
      cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }}
      cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }}
      cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }}